aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/middlewares/validators
diff options
context:
space:
mode:
authorChocobozzz <florian.bigard@gmail.com>2016-08-05 21:41:28 +0200
committerChocobozzz <florian.bigard@gmail.com>2016-08-05 21:41:28 +0200
commit58b2ba55a90f05f24661e664b1fb0a3486f037e8 (patch)
tree1f44b344423667280fca24661918cea8018195f7 /server/middlewares/validators
parentf3391f9237269ed671c23fdbcc9d86dc52134fe5 (diff)
downloadPeerTube-58b2ba55a90f05f24661e664b1fb0a3486f037e8.tar.gz
PeerTube-58b2ba55a90f05f24661e664b1fb0a3486f037e8.tar.zst
PeerTube-58b2ba55a90f05f24661e664b1fb0a3486f037e8.zip
Server: do not allow a user to remove a video of another user
Diffstat (limited to 'server/middlewares/validators')
-rw-r--r--server/middlewares/validators/videos.js1
1 files changed, 1 insertions, 0 deletions
diff --git a/server/middlewares/validators/videos.js b/server/middlewares/validators/videos.js
index 9d21ee16f..e51087d5a 100644
--- a/server/middlewares/validators/videos.js
+++ b/server/middlewares/validators/videos.js
@@ -77,6 +77,7 @@ function videosRemove (req, res, next) {
77 77
78 if (!video) return res.status(404).send('Video not found') 78 if (!video) return res.status(404).send('Video not found')
79 else if (video.isOwned() === false) return res.status(403).send('Cannot remove video of another pod') 79 else if (video.isOwned() === false) return res.status(403).send('Cannot remove video of another pod')
80 else if (video.author !== res.locals.oauth.token.user.username) return res.status(403).send('Cannot remove video of another user')
80 81
81 next() 82 next()
82 }) 83 })